tevora.com

Keeping personal information, health information, and confidential business information secure in this emerging IoT world requires new and creative security solutions. The world of IoT medical devices has all the security risks associated with IoT devices in general, plus the potential for malicious actors to negatively impact a person’s medical condition or compromise sensitive patient medical information. As with IoT devices in general, significant enhancements to cybersecurity tools and practices will be needed to ensure the security of IoT medical device environments. We Can Help Tevora’s team of security and IoT specialists have extensive experience helping some of the world’s leading companies secure their connected device environments.

On March 2, 2021, Microsoft announced a series of zero-day exploits targeted towards on-premises Exchange servers, compromising organization email accounts and resulting in remote code execution. The vulnerabilities allow attackers to authenticate as the Exchange server via arbitrary HTTP requests, using a server-side request forgery (SSRF) vulnerability; abuse insecure deserialization in the Unified Messaging service to run code as SYSTEM on an Exchange server (requires administrator access to exploit); and write files to the system arbitrarily after authentication via one of the other vulnerabilities. Upon exploitation of these vulnerabilities, HAFNIUM deployed webshells on compromised systems to maintain access and full remote code execution, a list of which are found along with other IOCs on Microsoft’s official threat disclosure page for the incident. Recommended actions for organizational systems that may be affected are threat hunting, using the provided IOCs, and if present, deploying remediation protocols such as isolating infected hosts from the network, removing all traces of persistence and exploitation, and patching the servers (reimaging if necessary).

If you plan to expand your business to serve customers in Canada, you’ll need to understand how CCPA differs from Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA). Conversely, if you’re a Canadian firm looking to expand into California, you’ll also need to understand the differences between these two data privacy laws. However, Canada’s federal government has introduced new legislation that would, if approved, strengthen Canada’s privacy laws. We Can Help If you have questions about CCPA or PIPEDA or would like help implementing changes in your environment to ensure compliance with these laws, Tevora’s team of data privacy and security specialists can help.

None Data Processors and Data Controllers, established in the EU, that process personal data in the context of activities of the EU establishment, regardless of whether data processing takes place in the EU. None Also applies to Data Controllers and Data Processors not established in the EU that process EU Data Subjects’ personal data in connection with offering goods or services in the EU, or monitoring their behavior. None Data Controllers must also take reasonable steps to inform other Data Controllers that process the data. None Personal data must be kept in a form that permits identification of Data Subjects for no longer than is necessary for the purpose for which the personal data are processed.